FERMA Voices Concern over ISO's Proposed Cyber Insurance Guidelines

Cyber Security found by a magnifying glass

April 09, 2019 |

Cyber Security found by a magnifying glass

The Federation of European Risk Management Associations (FERMA) said the cyber insurance guidelines proposed by the International Organization for Standardization (ISO) are "premature and inappropriate ... given the fast pace of technological development."

ISO is currently in the final stages of a 3-year project to approve guidelines for cyber insurance that it calls, "ISO/IEC 27102—Information technology—Security techniques—Information security management guidelines for cyber insurance." 

The document is meant to help information technology (IT) experts when considering cyber insurance, according to FERMA.

FERMA and number of other industry associations and representatives are concerned that, while it developed the guidelines, ISO failed to obtain "sufficient" or "adequate" input from the insurance industry.

FERMA Board President Jo Willaert, said, "Cyber insurance is evolving rapidly in the face of fast technological development. Insurance buyers are working out their needs, and the insurance industry is analyzing how it can provide cover without unquantifiable exposures. It is too early to agree [to] a standard."

He continued, "In any case, we are not clear why a standard for cyber insurance should be intended for IT security experts.... Cyber security is an enterprise risk, and its management, which includes insurance, requires the involvement of risk professionals."

In conjunction with other European insurance industry bodies and association with Aon and Marsh, last fall, FERMA jointly published the guide Preparing for cyber insurance, which outlines how organizations with an interest in accessing cyber insurance can best prepare for discussions with insurance intermediaries and insurers. The guide also provides tools to help organizations evaluate cyber insurance offers and how they may translate in practice. 

FERMA Board Member Philippe Cotelle added, "We believe [the publication Preparing for cyber insurance] would be more effective in developing a sustainable cyber insurance market for us as stakeholders to continue working together."

April 09, 2019